LeakyCreds

CVE-2026-33136 - Vulnerability Analysis

Severity: Critical | CVSS: 9.3

Last Updated: March 20, 2026

WeGIA - Reflected XSS

Published: March 20, 2026 | Updated: March 20, 2026 | PoC Available | Remote Exploitable

Overview

WeGIA <= 3.6.6 contains a reflected XSS vulnerability caused by unsanitized injection of the sccd GET parameter in listar_memorandos_ativos.php, which lets attackers inject arbitrary scripts. Exploitation requires a crafted URL.

Severity & Score

Severity: Critical
CVSS Score: 9.3
EPSS Score: 3.0% (probability of exploitation in the next 30 days)

Impact

Attackers can execute arbitrary JavaScript in users' browsers, leading to session hijacking or phishing.

Mitigation

Upgrade to version 3.6.7.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 20, 2026

CVE-2026-33136 - Critical (9.3) WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the ... https://www.thehackerwire.com/vulnerability/CVE-2026-33136/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-33136
Severity: Critical
CVSS Score: 9.3
Type: reflected_xss
Status: confirmed
EPSS: 3.0%
Social Posts: 1

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

EPSS Score

3.0% (probability of exploitation in the next 30 days)